Continuous automation and integration is the name of the game, and StackHawk is purpose-built to work with your preferred third-party development tools.
StackHawk workflow integrations interact with third-party providers of software development services. Some integrations authenticate with StackHawk following the OAuth 2.0 Authorization Framework. Some workflow integrations use a provided API key to exchange resources between StackHawk and the third party. Other integrations require installing an add-on and connecting with a temporary integration token to enable communication between StackHawk and the third party.
All StackHawk integrations can be managed from the integrations tab.
These are integrations with notification, logging, and messaging tools. These integrations trigger events in their respective platforms when HawkScan is run.
These are integrations with development planning and project management tools. They can be used to create tickets and manage scan findings from StackHawk. Only one project management integration can be installed for an organization.
These are integrations with SAST (Static Application Security Testing) Tools. They link Findings between StackHawk and the SAST Provider.
These are integrations with other tools, or ones that don’t specifically fit into a category above.
StackHawk integrations are associated with a user’s organization, and can be managed in the integrations tab of the web platform. Because integrations are assigned to the user’s organization, the user who established the integration can leave the organization and the integrations will continue to operate.
Integrations are generally bound both ways: an integration can be removed either via StackHawk or from the integration provider.
To remove an integration via the StackHawk Platform, go to its integration configuration page. Under the danger zone settings, choose to remove the integration from the organization.
To fully remove some integrations, you may also need to remove the app or add-on from the integration provider.
A removed integration can always be recreated.
A common pattern of OAuth 2.0 integrations is a request for certain assigned permissions, or scopes. Each integration provider defines its own scopes and the permissions each scope entails. To learn more about what permissions StackHawk requests, visit the integration’s docs. As part of authorizing an integration, you will be asked to approve the requested scopes for your integration.
For non-OAuth 2.0 integrations, such as add-ons, the permissions are detailed in the installation.
StackHawk and the third-party integration provider each reserve the right to make changes to how their services operate and how the integration operates. For the most part, changes to the integration will update automatically or new configuration options will be made available to support any changes.
If a change to the integration requires additional scopes, you will need to reauthorize the integration with the expanded scopes to use the updated functionality. You can still use an existing integration with its existing scopes.
StackHawk is continuously adding new tooling and integrations to improve our platform. If there is functionality you would like to see with an existing integration, or if you have a third-party tool you would like to see StackHawk integrate with, drop us a line at firstname.lastname@example.org.